Vulnerabilities > Pivotx

DATE	CVE	VULNERABILITY TITLE	RISK
2017-10-02	CVE-2017-14958	Unrestricted Upload of File with Dangerous Type vulnerability in Pivotx 2.3.11 lib.php in PivotX 2.3.11 does not properly block uploads of dangerous file types by admin users, which allows remote PHP code execution via an upload of a .php file. network low complexity pivotx CWE-434	7.2
2017-06-06	CVE-2017-9332	Cross-site Scripting vulnerability in Pivotx 2.3.11 The smarty_self function in modules/module_smarty.php in PivotX 2.3.11 mishandles the URI, allowing XSS via vectors involving quotes in the self Smarty tag. network low complexity pivotx CWE-79	6.1
2017-05-31	CVE-2017-8402	Code Injection vulnerability in Pivotx 2.3.11 PivotX 2.3.11 allows remote authenticated users to execute arbitrary PHP code via vectors involving an upload of a .htaccess file. network low complexity pivotx CWE-94	8.8
2017-04-07	CVE-2017-7570	Code Injection vulnerability in Pivotx 2.3.11 PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension (such as .jpg) and then invoking the duplicate function to change to the .php extension. network low complexity pivotx CWE-94	8.8

Vulnerabilities > Pivotx {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Pivotx"}]}